On Thu, Nov 29, 2018 at 02:52:19PM +0100, Michal Privoznik wrote: > It's important to keep XATTRs untouched (well, in the same state > they were in when entering the function). Otherwise our > refcounting would be messed up. > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/security/security_dac.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > > diff --git a/src/security/security_dac.c b/src/security/security_dac.c > index 6b64d2c07a..8155c6d58a 100644 > --- a/src/security/security_dac.c > +++ b/src/security/security_dac.c > @@ -718,7 +718,25 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, > VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", > NULLSTR(src ? src->path : path), (long)uid, (long)gid); > > - return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid); > + if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0) { > + virErrorPtr origerr; > + > + virErrorPreserveLast(&origerr); > + /* Try to restore the label. This is done so that XATTRs > + * are left in the same state as when the control entered > + * this function. However, if our attempt fails, there's > + * not much we can do. XATTRs refcounting is fubar'ed and > + * the only option we have is warn users. */ > + if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0) > + VIR_WARN("Unable to restore label on '%s'. " > + "XATTRs might have been left in inconsistent state.", > + NULLSTR(src ? src->path : path)); > + > + virErrorRestore(&origerr); > + return -1; > + } > + > + return 0; > } Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> THough I feel this could probably just be squashed into the patch that integrates the label remembering, as it doesn't really do anything useful on its own. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list